How would be the Top 3 Spyware apps ?

Hello,

Zerospyware:

To answer some of your questions, how I see things.
Good anti-spyware application (or any for that matter):

User Interface - how quickly do I get accustomed to the functions within 5-10 minutes of using the app, without referring to help files.

Few false positives - unless I'm a beta tester, I do not wish to spend my time heightening paranoia and doing online researches for registry keys and values, trying to figure out what they mean.

Compatibility - How smoothly everything fits.

Patience - I do not want an application that takes 20 seconds to start - in this respect, both Spyware Doctor and Spy Sweeper are annoying.

Detection rate - Not so important to me, more important the ability to remove threats it claims it can - if an x application claims it can remove something, then it should not sprout upon restart.

How did I test the applications?
I use a variety of machines, which are pure scapegoats, and VMware, too.

Other aspects:

Again, MY opinion only:

- Performance (scan speed, cpu usage)
Scan speed, not so important, it can be done overnight, unless it's a fast scan, which should be immediate. CPU is important, because if scan runs in the background, you want to be able to do other things as well.

- Interface
One of the most important things, must be as simple as possible.

- Information provided (some antispyware are vague)
A switch mode, for beginners and experts, because beginners need to know little and experts need to know everything.

-Greyware inclusion and descriptions
Important; this builds people's confidence. I do not want to use a product that makes deals with the marketing, ads and such companies. I my opinion, anything, anything at all that can be used to reduce privacy / security, should be flagged. Even if only for awareness and not removal.

- detection and removal
Answered that already.

- real time monitoring
Could be nice, but it should not popup too often, informing about ambiguous threats.

- Intrusion detection and prevention
Same as above.

- Startup registry management/repair
Part of overall detection management.

- Vulnerability scanning
Could be nice. But without bloating. Marking already disabled Messenger as threat is a no-go. Only serious things - incomplete updates, missing drivers etc.

- support
Live person is always good. Support should be simple. A big link saying Click here for support. As little fuss as possible.

- logging and troubleshooting
Logs should be as informative as possible. Trobleshooting - much as support. Easy and efficient.

- Automatic suspension of spyware processes
I do not like this.

- Highlighting of of unknown processes
Could be nice, as long as not too many popups.

- Removal of chronic spyware
What's chronic spyware?

How can you make your application better?
Activity on security forums is vital. And balls to stand up to your product, even if it's found wanting. So, your participance here, or one of your members can be a valuable addition to your assets. People will trust the application more if they have a living person answering their questions. That should be a vital part of your marketing - dedicating manpower to continuous live work with forums, community etc. And time. You have to wait. You cannot make a breakthrough in a week or two.

So finally, why do I find my selection of 3 as they are. Spybot and Ewido are intuitive, light, friendly. Spy Sweeper is simply the better than other applications I tried - it's just relative. It's not a love of my heart, but given a pool of choices, that's how things rate up.

I have not tried zerospyware yet, but I might be tempted ...

Cheers,
Mrk

 

Hi ZS,

No there's no dual/double standard ... The concern is ... How does Hollywood all of a sudden discover this *new* app ... with in minutes claim the author/app isn't any concern in regards to it's past status on Eric's list; other than making a judgment based on it's delisting (I guess - he hasn't presented anything else - doing so now would be meaningless) ... then with in hours/days (long before the trial would have ended - or even a personal experience with the product could've begun) ... this poster now makes this a recommended app, also stating that the programs he recommends are the best at “detection and removal”. In the context of the time frame of his trial of your product, "How would this be possible?" The issue is that this is totally irresponsible; it's an unfounded claim and recommendation. I can't imagine him doing anymore than likely just running a scan, he certainly did not test in regards to his claim, nor did he search for anyone else's research - if he had; he would have posted such. That's the problem in a nutshell.

While I would agree with what you point out in pg. 4 in principle, it isn't the intent of that such exercise - it would merely be a way for him to justify his claim to a small degree. Your right that "users" don't have the knowledge, experience, expertise, or resources to conduct a qualified test (generally even a personal test) ... Users do tend to make recommendation on their long term personal experiences and they are taken for what they are. This isn't the way that this member presents his recommendation, his wording actually gives the impression that he has the knowledge to make this claim. If he hadn't spilled out of the other thread, where it is plain to see the course of events; and where any reader could see the actual net worth of his comments - I would've have taken issue.

We could argue the validity of Magazine results 'til we're blue in the face ... but in all reality they generally don't disclose their testing environments or methodologies - their results are suspect at best.

It is nice to see you spend the 48 hours between my post and your rebuttal well. You've nicely twisted the intent of what I said. It's also noteworthy that that isn't the exact truth about your arrival here ... you initiated the mention of your product ... your first post was removed as spam, if I need to remind you. It's also likely where hollywood “discovered” your program and I suspect his true motive for bring it up stems from another incident here that happen a little while ago.

As to the other products mention ... no where did I mention that they where the best. My intent with that statement is they are time tested and trusted and that does carry *some* merit – although the statement made wouldn't be acceptable in the context it was in regards to those either. General statements made from the context of someones experience are of course acceptable when presented as such.

Your product has not gotten to that point yet, it will take time to emerge from the initial blacklisting (which I am aware has been a while now), gain popularity ... and prove it's merit over the long haul. While you claim this is unfounded skeptisicm, it's the way it works in my world, you have to earn trust and respect, in this field or any other ... unfortunately you are dis-advantaged because of the past – there isn't any way to quickly correct that.

In my personal opinion I actually don't see much merit for anti-spyware apps in the future. Now that most AVs have been covering this ground in earnest for six months to a year, and spyware/adware has become the predominant malware - I think those companies that position themselves as AS utilities are numbered. The free utilities will survive, and my best guess is that they'd begin to specialize in the few extremely difficult infections to remove (likely with small specialize removal tools) and those that are common/widespread from their main application ... while retaining there old DBs - for the benefits they may still provide. I think the market is sufficiently covered for anti-spyware, even anti-trojans have morphed into anti-malware products to afford future survival, and I think in the end they'll remain the only major players outside of Avs in regards to this type of security scanning.

As to your suggestion ... It does happen; But it has it's place in the proper official support forums, which I assume you do have ... Our vendor support forums do have such threads, usually titled something along the lines of future feature request / suggestions / wishlist . The purpose of the general forums here, is for member help with troubleshooting etc. ... and as such they generally proceed the way they do.

Regards;

Steve

 

Hi Dog,

I now understand the point of your initial posts, and your concerns, but I think it might be easy to attribute Hollywoods enthusiasm about the product to that of a knowledgable application user who gets excited about a new program. With over 15 years of application experience it doesn't usually take me more than an hour of working with a new program to get a guage of its quality. This is especially so when highly familiar with the rest of the programs in that space.

Actually my first post was not removed as spam. I was interested in offering a challenge to local forum members to test our app against any of their favorites and point out any ways in which other apps outperformed ours, in exchange I was going to offer free 1 year subscriptions to all those who provided us this feedback. I was warned by one of the administrators not to post any further mesages of this type, and edited the message on my own. (I'm posting this here for full disclosure). I understand you point about it taking time to gain reputation in the forums, which is why I may have been over-enthusiastic in offering this challenge. See, the thing is we know we have one of the best products in this market, and that all we need is for knowledgable users to reach the same conclusion by trying it. I also wanted to do this becuase I'm interested in direct feedback from knowledgable users such as the members here. It was not my intent to use this as a marketing tactic and since it was taken as such I retracted the offer.

Our app is more popular and credible than might be expected from reading the forums. We have been selling in over 2000 retail outlets in the US for some time now, including all the top chains. We are one of the top selling anti-spyware applications in France where we just launched in December. Most of our customers have several other anti-spyware applications in addition to ours and prefer our application because of its performance and support. We are not new players here. We have been in the anti-spyware business for over 4 years. We are new however to the forums, and are starting to make some efforts to gather feedback from this community.

Now for a bit of history:
The blacklist you refer to is actually the badly termed Rogue list, where any application that had a suspicion of using false positives to encourage purchases of the application was listed. This was NEVER the case with our application, but was listed here because Eric did find some false positives in his initial test, our application was not free, and we had a free-scan only campaign at the time. That's all. I've never been happy with this list or its implications (not only because we were once on it). But the list is overly inclusive. There are several applications on this list which are blatently bad anti-spyware applications, and intentionally misidentify applications as spyware to induce sales. We have several legal notices from some of these companies threatening to sue us out of existence because we list them as rogue, and remove them (consider the irony). There are also applications on this list which are there based on the barest of suspicion for having too many false positives. There has been talk for some time on the forums that the list should be split for this reason. However this list (valuable as it is) was the work of a hobbyist in his spare time and was never meant to be comprehensive or difinitive.

Now consider this. Adaware has had several notable false positives for some time now. At one point Adaware detected spybot as spyware! This was well publicized. For a long time Adaware detected Zerospyware as a potential browser hijacker, even though Zerospyware has no relation to browser hijackers. What is even worse is that the registry entries adaware detected and removed were standard installshiled registry keys. When our users tried to uninstall the application with registry keys corrupted by adaware, they lost data. If you follow the thread on spyware warrior about this there was a lot of anger at adaware for such irresponsible detection and removal. I took issue with another factor. -The term "potential browser hijacker" I found to be completely irresponisble for an anti-spyware application. Who know's what that means? Adaware never defined this term. If it weren't for the fact that adaware se was free it would have been obvious to classify them as a rogue anti-sypware based on Eric's definition since the language seemed intentionally misleading and broad. In fact we currently list some anti-spyware as rogue for similar language. We tried contacting Lavasoft for 7 months about this issue and received no response of any kind. Not what you would expect of a highly regarded anti-spyware application.
Note the following thread on spyware warrior on this topic:
http://spywarewarrior.com/viewtopic.php?p=59895&sid=cb88fd5d1a466a2e161075a0da183c92

Now to the point of the double standard (not referring to you, but security forums as a whole). Adaware and Spybot may be forum favorites. But they simply aren't that good. Their detection and removal rates average between 40-55% compared to the 82-90% bracket that Spysweeper, Zerospyware, and Spyware doctor are in. We usually don't bother to test their applications in our competitive analysis because its not worth the effort. We have over 2000 spyware and malware infection vectors to use for our test, as well as several thousands trusted applications. So our tests end up being pretty comprehensive.

So if the point of security forums such as wilders is to get together to figure out what the best applications in this space are, then why are the recommendations in these forums generally so far off. People refer to magazines as being skewed, but from what I've seen the security forums are more often skewed towards recommendations for free software. Don't get me wrong I love free software as much as the next person and am a huge fan of open source. But...for security software.. performance should be the biggest consideration. Most consumers would rather pay for something that will solve their problem than have something free that has a 50% shot of doing the trick. Certainly there is no harm in running one of the free apps along with one of the paid apps. Which is often the better recommendation (unless the free app is actually removing good files )

I found your comments about the future of anti-spyware interesting. You are correct that the spaces are starting to merge. But there is no evidence so far that the Anti-virus vendors will have this space covered. As many people on this forum know many of the current suite products are bits and pieces of other products. Zone Alarm now uses CA pest patrol as their anti-spyware engine, etc.. You may end up using an anti-virus suite that uses our engine .

I'm not sure that I agree that the anti-virus guys hold the cards. Here is why. Spyware is different from virus in several important ways. But overall its more complicated and requires more customer contact. From my perspective its easier for a good anti-spyware application to incorporate anti-virus engines than the other way around (I'm sure some from the other camp will disagree). But I think the real shift is toward the service model. I believe that microsoft is on the right track with onecare. The average customer needs full service comprehensive security solutions. The user interface needs to be dead simple, live support should always be available, and problems should be instantly remediated. Compare this with the model of Symantec where you buy a product to remove malware, then have to pay $35-$75 to get suppot for the product if you can't remove the malware. For the average user if your computer isn't working correctly and you run a scan and nothing is detected, but your computer still isn't working.. what do you do? I do agree that the markets are merging rapidly and the line between spyware and virus are blurring. We currently detect hundreds of virus and trojans, but don't advertise the fact..yet..and won't until we have a full solution.


I appologize for taking up so much space in this forum to digress on these issues. And it was not my intent to twist your words or win an argument. I'm really only interested in one thing here, and that is determining what it takes to deliver the best anti-spyware application on the market. An aim which i think should be inline with several of the members of this forum. We decided to enter the anti-spyware market nearly 5 years ago when users of our product Zeroads (an LSP based adblocker and internet accelerator) were reporitng that our application was interfering with their net connection or causing them to lose internet connection all together. Turns out most of them had new.net or webhancer spyware ruining their LSP and didn't know it. We entered this space because we hate spyware, and wanted to protect our customers. I hope that you don't take my comments as combatitive, they aren't meant to be, as I found much of your post to be well written and insightfull.

-D

 

Hi Mrkvonic,

Thanks for your detailed response. Regarding start time. This is a difficult issue, since spyware databases can be quite large. There are 2 reasons for this. 1 is that removal of spyware usually entails removing hundreds or thousands of registry keys and files, as opposed to viruses which are generally self contained in one file signature. 2 - often lengthy descriptions are required to describe spyware and grayware, usually not the case for virus. However this comment has come up from several users. We need to find ways to make the application load as quickly as possible, even if only to block against real time threats.

Performance. - I agree 100%. Actual scan time shouldn't matter so much if you can continue to user your computer. This is the number one reason why i often turn virus scanning off. We are plannign to implement cpu throttling as an advanced feature in our next version to allow users to set the maximum cpu utilization by the application (ie.. use no more than 20%). We already have this feature in our enterprise version and it works quite well.

Greyware - we agree. Everything and anything that could affect your privacty, security, or pc performance is and should be listed.

Vulnerability scanning - we include any application vulnerability listed on the net. ie.. realaudio or winamp security holes etc.. These are detected with their CVE number and a link is provided for download. We consider this an essential element in keeping your PC free from spyware.

Automatic suspension of chronic spyware - We include this feature (as an option) to block spyware that has been detected from continuing to run this aids in preventing further activity or infection, and defending against some of the keep alive techniques. Is the concern possible lock up side effects?

The unknown process detection is a panel, not a popup and serves to warn about any process that is not recognized by our trusted list or blacklist. I consider it an indespensible feature, because it helps identify zeroday threats and provides peace of mind when the the computer is acting strangely. This is actually one of the main reasons I usually only run 1 anti-spyware application on my system. With unknown process and reporting I know that there isn't any other active spyware running on my system.

-D

 

I couldn't agree more with Dog's arguments as I felt the whole situation incongruous even before his intervention. There's a definite trend from some Wilders posters to lobby for products in a not so dispassionate way, and freedom of speech also means to challenge uncorroborated statements.

 

ZeroSpyware:

I'm sorry, but I cannot let your several misstatements about the Rogue/Suspect Anti-Spyware list stand uncorrected. You wrote:

This is first of several misleading and erroneous statements. Suzi and I don't judge intent, because we have no definitive way to do so. Thus, we have never listed any anti-spyware application on "suspicion of using false positives to encourage purchases of the application." We list applications that have egregious false positives and note that, in the case of for-pay applications, these can "work as a goad to purchase." But we never claim to have divined any purpose or motive behind these false positives.

The problems that we discovered in the early versions of ZeroSpyware went well beyond a few false positives. For a full discussion of the problems that we discovered, see this thread at Spyware Warrior:

http://spywarewarrior.com/viewtopic.php?t=3871

Readers might also be interested in this contemporaneous discussion at PC Pitstop:

http://pcpitstop.ibforums.com/index.php?showtopic=57257&st=0

This claim is simply false. We have never listed an anti-spyware application because it was not free; nor have we ever exempted an anti-spyware application from the list simply because it was free. The free/pay status of an application plays absolutely NO role in our evaluation. For the criteria we use to evaluate anti-spyware applications, see here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm#criteria

Again, this is just plain false. We have never listed an anti-spyware application simply because it offered only a "scan-only" trial version or "free-scan" version.

No, that's not all, and I would encourage users to review the Spyware Warrior thread listed above for a better picture of why ZeroSpyware was at one time listed on the Rogue/Suspect Anti-Spyware list.

Again, we never attempt to divine intent.

We never list an application on the "barest suspicion" of anything. The listing criteria, once again:

http://www.spywarewarrior.com/rogue_anti-spyware.htm#criteria

It's quite understandable that you'd want to minimize the reputation of the Rogue/Suspect Anti-Spyware list (which has been used by regulatory authorities for investigative purposes and has been cited in testimony before the U.S. Senate), but you're going to have to do better than this.

Once, again we have never given an application a "pass" simply because it was free, and this claim that we did is nothing short of flat-out fabrication on your part.

For the record, I do think that ZeroSpyware 200x has made tremendous progress since early versions were on the Rogue/Suspect list in the summer of 2004. That's why the application is no longer on the list.

That said, I will not stand idly by while a vendor misleads, misrepresents, and even lies about the Rogue/Suspect list and the criteria used for including anti-malware applications on that list. And if I catch you doing this again in other forums, ZeroSpyware, I am going to call you on these misrepresentations then and there.

Eric L. Howes

Note: presently I am Director of Malware Research at Sunbelt Software. At the time ZeroSpyware was listed on the Rogue/Suspect page, I had no relationship whatsoever with Sunbelt Software.

 

Further to Eric's warning...

zerospyware, if you wish to continue posting at this forum, then I suggest you re-read our TOS. If we see further false, incorrect and/or misleading information in your posts, they will be removed along with your account here.

snap

 

Eric,

My intent was certainly not to misrepresent the Rogue list or the criteria behind it. Nor was my intent to denegrate the list or the value of the list. WE use the Rogue list as a reference in our spyware classifications and have tested and list most of the applications on this list either as Greyware or Spyware (however we do independently test each item on the list). But my concern that the criteria used for this list is overly broad still stands.

I have always understood the Rogue list to be characterized by the following statement from you.

However, it is common practice on forums to refer to this list as a blacklist. Meaning: do not use. While this may not have been your intent it is often perceived this way. You may want to scan some of the forums and see the conclusions drawn about our application as a result of being on this list. One consequence that I find particularly disturbing is that False positives from Adaware detecting our application as a possible browser hijacker caused many of our customers to return our application because its inclusion on the Rogue list seemed to validate this false positive as an accurate detection.

Looking at the criteria listed this is not surprising. Because the list includes applications that actually install spyware or hijack your computer:

My understanding from reading the criteria is honestly not clear. I made some of my statements you objected to regarding the freescan of our application because I believed your criteria only extended to the first 8 items. I've read some statements about redicioulous or excessive false positives. This is obviously a judgement call.

But note this from Suzie:

http://blogs.zdnet.com/Spyware/?p=727

and this from your post:

While these statements are not listed in the criteria, they do refer to the list and provide context for the rogue list. This is the basis for my interpretation of the criteria (the mention of barest of suspicion) that you took objection to. Again not an intentional misrepresentation but an honest interpretation based on the text itself. To put it another way. If a new anti-spyware application enters the market, and exhibits false positives (rediculous, excessive or other wise) then it may very well be suspect according to these standards specifically because it is an unknown quantity until further proof is obtained.
I think this might be ok if the category for these applications was suspect, or unproven. But it seems undeserved for such applications to be lumped together with notorious rip offs and scams.

Please let me rephrase.
Adaware has a category they detect called "possible browser hijacker" users generally read this as "remove these components". This term is never defined in the application or on their site. Many false positives (including our own application have been discovered under this category). This sort of broad and undefined terminology from an unknown anti-sypware vendor will always get at least a greyware application in our database. We do not list Adaware for this nor would we expect you to either. The defining characteristic here is reputation. Adaware despite these issues has a solid reputation as one of the good guys. A reputation that was built at least partially on their offering a usefull free utility to the masses. If WE were to encounter a new anti-spyware today with a paid subscription that used this terminology and detected false positives this way. We would classify this as a Grayware/Suspect anti-spyware application period. If the application was free, then WE would have a tough time classifying this as Greyware and would have to look closely at the severity and frequency of the items detected. This was what I meant. My statement wasn't meant to divine your intent nor was it meant to refer to your classification. The point was made in the abstract. That given the criteria ,independently applied, it would be a consideration.

Eric, we have nothing to hide here, and no reason to misrepresent the past. As you point out in the links provided our free-scan application (from 3 years ago) encountered some significant false positives and some unintentional misreporting. You were also able to deduce some of the reasons why in your investigation. And these reasons were either programming or algorithmic errors. The freescan that you tested was grossly out of date with our paid application, and many of the issues you discovered were significant but unintentional.

But I think its also important to note that we contacted you about testing our software and were actively involved in soliciting feedback, and correcting the issues discovered. We also actively solicited the participation of several forum members both in Spyware warrior and PC pitstop to provide feedback on false positives. This is obviously incongruous with most of the other members of this list.

Now Let's consider the context and background of my post:

Over the last 2 years, not only have we significantly improved our product, but we consistently outperform many of the top rated anti-spyware in several well publicized tests. We solicit information from forums, and provide our customers with live 24/7 support and instant remediation of their spyware problems. We treat every false positive with the utmost severity. While we have been removed from your list for some time, the original inclusion serves as a perpetual black mark, that results in people referring to our product in an undeserved negative light.

The Rogue list that we are referring to includes super rogues such as SpyFalcon and its derivitives. These are some of the nasties spyware affecting users today. Surely its obvious that any member of this list is going to be judged by the others on the same list.

Now lets look at how the rogue list is interpreted on the net:

http://paretologic.com/resources/spyware_behavior.aspx

http://www.securitypipeline.com/howto/57700315

http://www.hoax-slayer.com/rogue-anti-spyware.html

http://castlecops.com/t125562-What_is_Rogue_Anti_Spyware.html

The only reference I found so far that captures the true spirit of the Rogue/suspect list is from Suzi herself:

http://blogs.zdnet.com/Spyware/?p=727

And now we have Super Rogues (which are actually spyware):
http://blogs.zdnet.com/Spyware/?p=752

I find this definition from Wikipedia particularly disturbing (incidentally, it links to spyware warrior):

http://en.wikipedia.org/wiki/Spyware

Given the interpretation of the nature of the list I think it would make much more sense to break down the list into 3 seperate lists: Super rogues, Rogue, and suspect/unproven. I am not in any way interested in minimizing the reputation of the Rogue list. But don't you think that the list as it stands is overly broad? Why lump Rogue and Suspect under one category? Is it really usefull to place unknown applications with excessive false positives next to applications that hijack your computer? Should a new anti-spyware application be placed on this list side by side with spyfalcon because its and unknown quantity and suffers from some false positives?

My concern is that the broad categorization of the Rogue/Suspect list has two negative consequences. One applications that are Rogues or Super Rogues, might not get the proper negative attention they deserve by being compared to suspect applications. Second suspect applications which are either minimally dangerous or simply not as effective as they should be will be lumped in with applications that are actively under prosecution. I'm sorry but this just doesn't make any sense to me.

Pardon me for the apparent misrepresentation of your list, again I want to make it clear now that I was referring to the general conception about your list and not YOUR criteria. This was a reaction to Dog's previous post that I listed here. I'm afraid I was not clear enough on this distinction.

But I do share a similar concern. We have a solid reputable anti-spyware application. Our application has been tested by reputable media (I'm assuming you agree with me here) head to head against other top applications (including the company you currently work for) and done well.

As a result of appearing on your list we have been referred to as theives, scumbags, spyware and variety of other things. This is certainly undeserved now and always has been. I also don't want to stand by idle while we suffer this unecessary damage to our reputation and business. I do not blame you for this or imply that this is in any way your intention. In fact its my understanding and assumption that you wouldn't agree with those characterizations of our company or our product. It is clear to me that there is a significant disconnect between the intent behind the criteria and the public perception of the intent behind the criteria. How do we fix this? I think that the public perception of the Rogue list is worthy of consideration and discussion. Condsider the example I provided from Wikipedia. If the Rogue list is broadly misinterpreted then perhaps it should be redefined. If not then I would appreciate your guidance on how we should go about defending ourselves properly.

-David

 

I have lics for Spyware doctor, pest patrol. Both have issues for me high cpu util and FPs so ...

This post has succeeded in making me consider zerospyware as a viable product - first impressions are good although I prefer to have the complete install downloaded

 

This thread reminds me a lot of the Gator people saying "you have to call us Claria now!"

 

ZeroSpyware (David):

You've pulled together a number of quotes -- some short summaries of the list from Suzi and me; some longer characterizations from third parties. Not a single one of these quotes justifies or supports the erroneous statements you made about what Suzi and I actually use for criteria when making decisions to list or not to list applications. At the end of the day, the Rogue/Suspect page contains:

* a list of the criteria that we do use;
* pointers to discussions that elaborate on our use of those criteria
* specific claims about the problems observed with each application
* screenshots of the applications, including scan results
* links to other pages and reports to support the most serious charges

Regarding false positives: we have never listed an application simply for turning up a few false positives in a scan. I've got a directory on my drive with a number of applications that did not make the Rogue/Suspect list even though they generated a false positive or two during testing. As noted on the page...

As for your assertion that the list is overly broad, I'm still not clear on why you think the list is overly broad. Your own company lists the vast majority of the same apps that we do on your own "rogue anti-spyware" page...

http://www.fbmsoftware.com/spyware-net/blacklist_antispy.aspx

...including many of the apps that are on the low end of the scale (i.e., egregious false positives, flawed scan engine, etc.). Here, for example, is your listing of TrueWatch:

Note how similar (though not identical) this listing is to our original complaint regarding ZeroSpyware 2004.

Still further, your own company's list is clearly labeled as a "black list" -- a characterization that we never use for our own. Moreover, we clearly boldface and redline the apps with the worst behavior (the ones you label "super rogues") and provide links to evidence to support our claims. Your company's list does neither, grouping every app into one flat list and providing no supporting evidence whatsoever for the most serious of charges.

David, there will always be folks out there who are to hasty or lazy to take the time to understand the Rogue/Suspect list, what it means, how it operates, and why applications might be on the list. Suzi and I have gone out of our way to illuminate every aspect of the list and our listing criteria. The Rogue/Suspect page is currently awash in information about the list itself and the apps on the list -- far more information than appears on your company's list, I might add.

There's no way for us to guarantee that absolutely no one out there misinterprets or misunderstands the list. The best we can do is make the list as transparent as possible and correct mischaracterizations and misstatements when we see them. If your concern was that the list is being misinterpreted, then your earlier post was precisely the wrong way to go about combating those misinterpretations. You don't combat misunderstanding by making misstatements of your own and further exacerbating mistaken assumptions about the list.

Regards,

Eric L. Howes

 

Hey David,

I read your whole post so Please do not misconstrue this one question I have in regards to the above quote as the only thing I found of interest.

Having said that....would you Please provide a link to some of these "well publicized tests" given the fact on all the many Security Forums I visit there have only been a few test links folks have shared with the community.

Bubba

 

Yes David please provide a few links. I`m now very interested in your product.

 

For bubba and beetlejuice69

Here are a few links:

This is from an August 2005 PC Wolrd review comparing Spysweeper, Counterspy, and Zerospyware

http://www.pcworld.com/reviews/article/0,aid,121411,pg,1,00.asp


From a June 19, 2006 PC Magazine review

This review is actually very detailed if you follow the links, includes comparison charts and discussions on testing methodology.
http://www.pcmag.com/article2/0,1759,1829256,00.asp

This one is a qualitative review of Zerospyware not comparative or quantitative in terms of detection and removal.
http://www.neatnettricks.com/SoftwareReviews/review_ZeroSpyware.htm

There are some more that I'll try to dig up later.

-David

 

Thanks David,

I do appreciate you taking the time to share those links. We do however have a difference of opinion of what constitutes "well publicized tests". IMHO those links are nothing more than reviews. I sure will not attempt to speak for the many folks that visit the same Security Forums I frequent but I'll bet you a free copy of Zerospyware that most of those individuals would construe Anti-Spyware Testing as a benchmark for a well publicized test

Perhaps these other test links you are going to dig up will actually be what most of us construe as Anti-Spyware Testing

Regards,
Bubba

 

Thanks David. Very good and it`s worth a try anyway.

 

Bubba,

I'd like to get Eric's opinion on this as my guess is he knows both of the reviewers I mentioned here. I for one was generally impressed by their test methodology, systems, and ethics. The first two links I placed here are lab tests and not simple reviews. The problem with reviews is that they often don't include enough applications to test against, and have to complete their reviews on a short time schedule. But the laboratories and test beds set up by the publications I listed here are significant and their test methodolgy is sound.

You'll get your free copy though, because I'm sure you'd win . I think that the forum guys tend to lump the reviewers together and give them a bad rap. I think its worth noting that the lab tests and reviews of the better publications are not so far off from the general forum opinions (with the exception of the forum vs review perception of the adaware and spybot). I would like to point out for the record though that the PC Wolrd review I referenced listed us third out of the 3 tested even though our detection rate should have ranked us higher.

Apparently we really got nailed for the positioning of the alerts.
I'll leave it at that.

However, I don't think that they are far off from from the Anti-spyware test. Unfortunately there is virtually no (non-industry) test that compares to Eric's original tests out there at the moment. We perform these tests internally regularly. But ofcourse you would think we are biased if we post our results.

So I've got a suggestion. How about we make our own? We can start the ball rolling by putting together a target virtual machine, and a list of spyware, as well as a list of trusted applications, that we agree on for the test bed, write up the criteria, then let a select group of experienced members from this forum download the VM's (warning they won't be small) and the test infection vectors (from a password protected FTP site), then compare notes accross the top applications. We can collaborate on the criteria and the results, then share them with everyone else. To make it completely fair we would need to allow each of the members involved in the test to install some of their own spyware and trusted applications, then share this list with the others at the conclusion of the test. I for one would like to see a current exhaustive comparison of the top anti-spyware applications that specifically indicates impact on cpu perfomance, effectiveness of real time detection, removal of chronic spyware, interface, descriptions, features, etc, and analyzes the value and actual impact of each feature of the tested applications.

What do you think?

-David

 

I would say

Spyware Doctor
SpySweeper
RegRun

Thanks,

Chris

 

FWIW based on recent testing
The best 3 anti-spyware appointments being

Definition based>>>

Ewido
KAV with extended bases
Anti -Virus

They blocked more spyware in realtime from installing on my test pc than any of the Botkillers

KAV & Ewido seperatlely out performed the so called best 3 SS/SD/CS combined efforts at stopping sample malwares installing and going *live

FWIW

BoClean was'nt tested but if reports of its effectiveness are true then it would be there and there abouts in the top 3

Subsequent
FWIW

ProcessGuard and SSM blocked all test specimens before they went *live
by simply offering me the option to create/grant a rule.

Before anyone points out that these are process control programmes/AV's/AT's then according to my research they still are better Anti spyware appointments.

Afterall its far better to stop malware installing in the first place then it is to have to deal with a compromised/infected Pc subsequently.

* I have yet to test "cleaning" effectiveness of the test softwares against established infections but this will follow at a later date.The Botkillers should hopefully improve on their effectiveness at that point....

 

No mystery he is here to depend the honor of his product, and to raise sales.
After all , this forum is one of the critical forums where 'opinion makers' are born. The 'experts' who others turn to for computer help are 'trained' and 'influenced' here. They are taught what to like and what not to like.

Why else do you think so many security vendors hang out here? Out of the goodness of their heart?

As you can see from this thread it is working.

PS I'm not against ZS, just stating a fact. Everyone else does this too..